IETF Logo Mail Archive

Re: [quicwg/base-drafts] Packet protection keys not CID-based (#1267)

Martin Thomson <notifications@github.com> Fri, 06 April 2018 00:10 UTC

Return-Path: <noreply@github.com>
X-Original-To: quic-issues@ietfa.amsl.com
Delivered-To: quic-issues@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3EF4512E055 for <quic-issues@ietfa.amsl.com>; Thu, 5 Apr 2018 17:10:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.009
X-Spam-Level:
X-Spam-Status: No, score=-7.009 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=github.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id E2PyyXfZLzBe for <quic-issues@ietfa.amsl.com>; Thu, 5 Apr 2018 17:10:25 -0700 (PDT)
Received: from out-7.smtp.github.com (out-7.smtp.github.com [192.30.252.198]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8E84212E04B for <quic-issues@ietf.org>; Thu, 5 Apr 2018 17:10:25 -0700 (PDT)
Date: Thu, 05 Apr 2018 17:10:24 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=github.com; s=pf2014; t=1522973424; bh=jMstCeRbqJIaZA3OoA2YfTk0Kr0fVs6Nsbox/QWiKD4=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:List-ID: List-Archive:List-Post:List-Unsubscribe:From; b=1nDGqn2U3AKSZC1OToAIFh2/WvcqJu+wHIqFeiFP0RjwFzhRmcfwlmLYg1oagVOZK JTGoCJohTk7y5gajB4hyt60sz/PdzpLR6HU2CuPJemNgX2We6Vj1cD3fgBH1gcKj/h iGFbKTX/v3BsMVNaWDaSrWYKB00b6G3gpea3QFKA=
From: Martin Thomson <notifications@github.com>
Reply-To: quicwg/base-drafts <reply+0166e4ab22a83b5ca311f2b64063c5fd2e6cb807f729ea0492cf0000000116de7cf092a169ce1294612e@reply.github.com>
To: quicwg/base-drafts <base-drafts@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <quicwg/base-drafts/issues/1267/379112626@github.com>
In-Reply-To: <quicwg/base-drafts/issues/1267@github.com>
References: <quicwg/base-drafts/issues/1267@github.com>
Subject: Re: [quicwg/base-drafts] Packet protection keys not CID-based (#1267)
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="--==_mimepart_5ac6baf090165_50703f84c2a7ef289663b"; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Precedence: list
X-GitHub-Sender: martinthomson
X-GitHub-Recipient: quic-issues
X-GitHub-Reason: subscribed
X-Auto-Response-Suppress: All
X-GitHub-Recipient-Address: quic-issues@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/quic-issues/rf-wNOIqnu160Z_qzAUGXWoo3YM>
X-BeenThere: quic-issues@ietf.org
X-Mailman-Version: 2.1.22
List-Id: Notification list for GitHub issues related to the QUIC WG <quic-issues.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/quic-issues/>
List-Post: <mailto:quic-issues@ietf.org>
List-Help: <mailto:quic-issues-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/quic-issues>, <mailto:quic-issues-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Apr 2018 00:10:27 -0000

That's an interesting suggestion, certainly.  The predecessor to #1079 actually did that, but it turned out to be a little painful.

@ekr privately suggested that it might be necessary to send packets on the old path after a migration for other reasons.  That would help avoid denial of service caused by rewriting source addresses, or similar sorts of attacks.

FWIW, I don't think that the cessation of transmission on one path and commencement on another is as directly correlateable as that discussion implied, but I'm certainly not opposed to strategies that make any correlation harder.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/quicwg/base-drafts/issues/1267#issuecomment-379112626

v2.31.3 | Report a Bug | By Email | System Status